Abstract
In this work, the updated KDD-99 database is used to develop a hybrid hierarchical intrusion detection system (IDS). A total of 4,898,431 instances are used, comprising 972,781 instances of the normal class and 3,925,650 instances of the attack class. The attack class consists of four distinct types of malicious activity: DoS, U2R, R2L, and probing. The complete set of instances is further split into training and testing sets in a 50–50 ratio. In the hierarchical classifier structure, the level-1 classifier separates the normal class from the attack class. Attack-class test samples are passed to the level-2 classifier, which separates DoS from the other attack types. The other-type test samples are then passed to the level-3 classifier, which separates R2L from the remaining class. The remaining-class test samples are in turn passed to the level-4 classifier, which separates U2R from probing attacks. The best-performing classifiers at each level are then arranged in the required hierarchical order to obtain the hybrid hierarchical classifier, so that the overall detection ratio is high at each level. On validation of the proposed work on the KDD-99 dataset, the highest detection rate, 97.91%, is achieved by the hierarchical structure of the SSVM classifier based IDS. The Overall Detection Accuracy (ODA) achieved by the SVM, PNN, DT, NFC and kNN classifiers in hierarchical structure is 96.80%, 96.32%, 95.86%, 97.89% and 97.74%, respectively. The proposed hybrid hierarchical classifier based IDS attains an ODA of 98.79%, the highest among all experiments.
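The four-level cascade and the per-level model selection described in the abstract can be sketched as follows. This is an added example, not the authors' code: a nearest-centroid rule and 1-NN stand in for the paper's classifiers, and the two-feature data set (including the outlier) is constructed for illustration, not taken from KDD-99.

```python
import math

ORDER = ["normal", "dos", "r2l", "u2r", "probe"]  # level i splits ORDER[i] from the rest

def centroid(train):
    """Nearest-centroid rule; train is a list of (vector, is_positive)."""
    cents = {}
    for side in (True, False):
        pts = [x for x, y in train if y == side]
        cents[side] = [sum(c) / len(pts) for c in zip(*pts)]
    return lambda x: min(cents, key=lambda s: math.dist(x, cents[s]))

def one_nn(train):
    """1-nearest-neighbour rule (kNN with k=1)."""
    return lambda x: min(train, key=lambda t: math.dist(x, t[0]))[1]

CANDIDATES = {"centroid": centroid, "1nn": one_nn}  # ties go to the first listed

def accuracy(model, data):
    return sum(model(x) == y for x, y in data) / len(data)

def build_hybrid(train, val):
    """Per level, keep the candidate with the best validation accuracy."""
    stages = []
    for i, cls in enumerate(ORDER[:-1]):
        tr = [(x, lab == cls) for x, lab in train if lab in ORDER[i:]]
        va = [(x, lab == cls) for x, lab in val if lab in ORDER[i:]]
        best = max(CANDIDATES, key=lambda n: accuracy(CANDIDATES[n](tr), va))
        stages.append((best, CANDIDATES[best](tr)))
    return stages

def classify(stages, x):
    for cls, (_, model) in zip(ORDER, stages):
        if model(x):          # this level claims the sample
            return cls
    return ORDER[-1]          # rejected by all four levels: probing

# Constructed 2-feature data (not KDD-99): cluster centres per class.
CENTRES = {"normal": [(0.1, 0.1), (0.9, 0.1)], "dos": [(0.5, 0.2)],
           "r2l": [(0.2, 0.8)], "u2r": [(0.5, 0.9)], "probe": [(0.8, 0.8)]}

def spread(offsets):
    return [((cx + dx, cy + dy), lab) for lab, cs in CENTRES.items()
            for cx, cy in cs for dx, dy in offsets]

TRAIN = spread([(-0.03, 0), (0.03, 0), (0, -0.03), (0, 0.03)])
TRAIN.append(((0.78, 0.80), "u2r"))   # constructed outlier inside the probe cluster
VAL = spread([(0.01, 0.01), (-0.01, -0.01)])

if __name__ == "__main__":
    stages = build_hybrid(TRAIN, VAL)
    print([name for name, _ in stages])
    print(classify(stages, (0.5, 0.2)), classify(stages, (0.8, 0.8)))
```

On this data the bimodal normal class defeats the centroid rule at level 1, while the outlier defeats 1-NN at level 4, so the hybrid mixes the two. Selecting and scoring on the same validation split is optimistic; a separate held-out test set is needed for a reportable accuracy figure.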
Acknowledgements
The authors are grateful to TEQIP-III of Uttarakhand Technical University, Dehradun, for providing financial and technical support under advice No.-C081908383584. The authors are also greatly indebted to Graphic Era Deemed to be University for providing the necessary support to carry out this work; the flexibility the university provides to researchers is highly appreciated.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Mohd, N., Singh, A. & Bhadauria, H.S. Intrusion Detection System Based on Hybrid Hierarchical Classifiers. Wireless Pers Commun 121, 659–686 (2021). https://doi.org/10.1007/s11277-021-08655-1
DOI: https://doi.org/10.1007/s11277-021-08655-1